what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

PHPADSNEW-SA-2005-002.txt

PHPADSNEW-SA-2005-002.txt
Posted Nov 20, 2005
Authored by Matteo Beccati | Site phpadsnew.com

phpAdsNew and phpPgAds versions 2.0.6 and below suffer from SQL injection, HTTP response splitting, and path disclosure flaws.

tags | advisory, web, sql injection
SHA-256 | cc54c367b1dd5d4187fc18555121f8a95684f16cc6b4251c7e091c02aad54394

PHPADSNEW-SA-2005-002.txt

Change Mirror Download
========================================================================
phpAdsNew / phpPgAds security advisory PHPADSNEW-SA-2005-002
------------------------------------------------------------------------
Advisory ID: PHPADSNEW-SA-2005-002
Date: 2005-Nov-15
Security risk: highly critical
Applications affetced: phpAdsNew, phpPgAds
Versions affected: <= 2.0.6
Versions not affected: >= 2.0.7
========================================================================


========================================================================
Vulnerability 1: SQL injection
------------------------------------------------------------------------
Impact: database access (+ potential system access)
Where: from remote
========================================================================

Description
-----------
Toni Koivunen reported an SQL injection vulnerablility in
phpAdsNew and phpPgAds, caused by missing sanitization of the session id
cookie. Kevin Fernandez "Siegfried" of Zone-H reported further dangerous
exploitation techniques to gain access to the whole database. Depending
on the database user permissions, an attacker could also gain
access to the local filesystem.


Solution
--------
- Upgrade to phpAdsNew or phpPgAds 2.0.7.

References
----------
http://www.fitsec.com/advisories/FS-05-01.txt
http://www.zone-h.org/en/advisories/read/id=8413/


========================================================================
Vulnerability 2: HTTP response splitting
------------------------------------------------------------------------
Impact: application admin access
Where: from remote
========================================================================

Description
-----------
Toni Koivunen reported multiple HTTP response splitting vulnerabilities
in phpAdsNew and phpPgAds. Many of them could only be made if the
attacker already has access to the administration interface. A
vulnerability adclick.php could be exploited without access to the
application interface.

Solution
--------
- Upgrade to phpAdsNew or phpPgAds 2.0.7.

References
----------
http://www.fitsec.com/


========================================================================
Vulnerability 3: full path disclosure
------------------------------------------------------------------------
Impact: information disclosure
Where: from remote
========================================================================

Description
-----------
Toni Koivunen reported multiple full path disclosure vulnerabilities in
phpAdsNew and phpPgAds. One of them could also reveal information about
files modified or added by the system administrator, using phpAdsNew's
own file integrity check system, given that the webserver user has
enough permissions.

Solution
--------
- Upgrade to phpAdsNew or phpPgAds 2.0.7.

References
----------
http://www.fitsec.com/advisories/FS-05-01.txt


Contact informations
====================

The security contact for phpAdsNew and phpPgAds can be reached at:
<security AT phpadsnew DOT com>


Best regards
--
Matteo Beccati
http://phpadsnew.com/
http://phppgads.com/
Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    0 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close